Skype for Business Server 2015 Firewall Diagram

Who would have thought that after just 16 months that almost 5,000 of you would have downloaded my Firewall Diagram for Lync Server 2013.  So flattered that so many have found it useful.  And a big thank you for those of you that have shared, liked and praised it.To carry on t

 
 
 
 
 
5 Star
(26)
9,295 times
Add to favorites
Lync
11/11/2016
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Great Work! What's Next?
    2 Posts | Last post May 06, 2016
    • Hey Randy! Outstanding work on this. This is a huge help to those that need to make sense of Lync and/or S4B to their Networking team. Ever thought about putting together a traffic-flow diagram to show step-by-step processes of sign-ins? You certainly have the Visio chops for it!
      
      Josh
    • Thank you Josh. Really appreciate it. I get lots of suggestions for ports from inside to the SfB servers. I think the protocol workloads poster does that already. And this (and the Lync one before it) were done to show firewall ports through and beyond the perimeter. Have thought about a cleaner version in my style. Thinking about doing one or s couple for hybrid scenarios. 
  • The Brach Sites will be added in this Diagram?
    2 Posts | Last post August 07, 2015
    • PSTN gateway and possibly a Meditation Server
      SIP trunk 
      Existing voice infrastructure with a private branch exchange (PBX)
      Survivable Branch Appliance
      Survivable Branch Server
      
      https://technet.microsoft.com/en-us/library/gg398217(v=ocs.15).aspx
      
      Regards.
      
      
    • Great comment Carlos and thank you for downloading. 
      
      The purpose of the diagram is to show the networking and security professionals the ports and media flow through a perimeter firewall.  Branch sites/appliances and PBXs will be on the local or Wide Area Network and therefore route-able internally. Therefore the traffic does not traverse the perimeter firewall.  
      
      As an FYI - A Branch appliance requires ports 5061 (to the Front End pool) and 5062 (to the Edge Pool) for SIP/MTLS and port 444 (to the FE) for CAC traffic.  Hope this helps.